
Threat Advice: macOS High Sierra Security Bug

By Aura Information Security, 29 November 2017
Kordia has become aware of a security flaw in macOS High Sierra, aka macOS 10.13, which allows users to gain admin rights, or log in as root, without using a password.
The vulnerability could result in someone gaining direct access to your device, potentially enabling them to access sensitive information and/or install malware.


If you or anyone within your business is using macOS High Sierra, there are a few steps you can take to minimise risk.

What you should do:

Here at Kordia and Aura Information Security, we recommend immediately setting a strong root user password. There are a number of ways in which you can do this:

How to reset your root password:

  1. Open Terminal
  2. Type: sudo passwd
  3. Type in your own password
  4. Create a new password (long and strong, preferably using a password manager)
  5. Enter the new password (copied and pasted from the password manager)
  6. Hit enter
  7. Enter or paste it again and confirm the password

It should look like this:

  • sudo passwd
  • Password: Changing password for root
  • New password:
  • Retype new password:

If you are unable to reset your root user password immediately, the best protection is to restrict physical access and remote desktop access to the computer until this is able to be done.

 

Please note - resetting the root password is a temporary solution.

Setting a root password resolves the risk of being impacted by the macOS High Sierra security bug from the login screen and when unlocking settings. However, it is not recommended that you retain a root password long-term. Industry best practice is to disable the root user, or otherwise make it impossible to log in as root at all. When the root account is used, activity on the device is not tied to an individual person: root has full access to the computer, runs all actions with escalated privileges, and prevents accounting, making it impossible to determine who undertook actions on that device. It's recommended that users have a separate administrative account that has administrative privileges but is not the root user itself. This makes accounting possible, and means that only desired actions are run with escalated privileges.

You should patch macOS when patches become available from Apple.
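
To keep track of which Macs still need the temporary root password and which will need root disabled again once patched, the added script below (an example written for this advice, not a Kordia, Aura or Apple tool) reports the macOS version and the root account state. It assumes that a disabled root account has no AuthenticationAuthority attribute, so that `dscl` answers "No such key"; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify a Mac by macOS version and root account state.
# Assumption: a disabled root account has no AuthenticationAuthority
# attribute, so dscl prints "No such key: AuthenticationAuthority" for it.

# is_high_sierra VERSION -> exit status 0 if VERSION is 10.13 or 10.13.x
is_high_sierra() {
    case "$1" in
        10.13|10.13.*) return 0 ;;
        *) return 1 ;;
    esac
}

# root_state DSCL_OUTPUT -> prints "disabled", "enabled" or "unknown"
root_state() {
    case "$1" in
        *"No such key"*) echo disabled ;;
        *AuthenticationAuthority:*) echo enabled ;;
        *) echo unknown ;;
    esac
}

# assess VERSION DSCL_OUTPUT -> one-line finding for an inventory report
assess() {
    state=$(root_state "$2")
    if is_high_sierra "$1"; then
        case "$state" in
            disabled) echo "ACTION: High Sierra, root not enabled; set a strong root password" ;;
            enabled)  echo "REVIEW: High Sierra, root enabled; confirm you set it, disable once patched" ;;
            *)        echo "CHECK: High Sierra, root state unknown" ;;
        esac
    else
        case "$state" in
            enabled) echo "REVIEW: root enabled on $1; disable unless required" ;;
            *)       echo "OK: $1 is not High Sierra, root $state" ;;
        esac
    fi
}

# Run against the local machine only when the macOS tools are present.
if command -v sw_vers >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    assess "$(sw_vers -productVersion)" \
           "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)"
fi
```

A "REVIEW" result cannot tell whether the root password is the one you set, so confirm it by repeating the reset steps above.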

Password tips:

  • Avoid short passwords with numbers and varying capitals and lowercase letters
  • Rather, choose something ‘long and strong’ such as a favourite phrase, song lyrics, or quote from a book.
  • See more of Aura's password tips here. 

What we’re doing:

  • Kordia and Aura Information Security are keeping across all information sources to ensure we have a good understanding of the macOS High Sierra flaw and how best to respond.

If you need help or would like to report an incident:

If you need help, please contact your account manager directly, or call 0800 KORDIA.

If you would like to report an incident, you can do so by calling New Zealand CERT on 0800 CERT NZ, or on CERT’s website here.